aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/crypto
Commit message (Collapse)AuthorAgeFilesLines
* proposal: Parse modpnone as MODP_NONE(0)Tobias Brunner2016-06-171-0/+1
|
* crypto-factory: Stop after successfully creating one nonce generatorTobias Brunner2016-06-171-0/+4
| | | | Fixes: e2fc09c186c3 ("Add nonce generator interface")
* proposal: Use standard integer types for static keywordsTobias Brunner2016-03-311-2/+2
|
* Use standard unsigned integer typesAndreas Steffen2016-03-2419-50/+50
|
* iv-gen: Use NULL IV generator for NULL encryptionTobias Brunner2015-11-091-0/+5
| | | | | | | | | | | | We don't need an IV for NULL encryption, so we wouldn't technically need an IV generator. But some of the code currently relies on an IV generator to be present. So we don't have to change that code and handle IV size == 0 specially we use the new NULL IV generator, which handles this transparently to the existing code. Before 3c81cb6fc322 ("aead: Create AEAD using traditional transforms with an explicit IV generator") iv_gen_rand_t was used for NULL encryption, which would work too but this way it's clearer.
* crypto: Add NULL IV generatorTobias Brunner2015-11-092-0/+95
| | | | | This does not actually allocate an IV and only accepts requests for size == 0.
* testing: Updated hasher testsAndreas Steffen2015-11-061-4/+8
|
* Explicitly mention SHA2 algorithm in BLISS OIDs and signature schemesAndreas Steffen2015-11-061-6/+6
|
* Support BLISS signatures with SHA-3 hashAndreas Steffen2015-11-031-0/+3
|
* Defined SHA-3 hashersAndreas Steffen2015-11-032-6/+52
|
* proposal: Add a chacha20poly1305 proposal keywordMartin Willi2015-06-291-0/+1
|
* crypter: Define a ChaCha20/Poly1305 AEAD algorithm identifierMartin Willi2015-06-293-3/+7
|
* ivgen: Allow reusing the same message ID twice in sequential IV genMartin Willi2015-06-051-7/+25
| | | | | | | | | | | | We use the message ID and fragment number as IV generator. As IKEv2 uses distinct message ID counters for actively and passively initiated exchanges, each IV would be used twice. As we explicitly reject such message IDs since d0ed1079, original-responder initiated exchanges fail with counter mode ciphers. This commit separates IV space in two halves for sequential IVs, and automatically assigns once reused sequence numbers to the second half. Fixes #980.
* iv-gen: Fail getting shorter IV values than the used counter sizeMartin Willi2015-06-011-0/+4
| | | | | While no algorithm actually uses such short IVs, we add a check here to ensure we won't return just the lower bits of the counter.
* iv-gen: Ensure external sequential IVs are actually sequentialMartin Willi2015-06-012-0/+23
| | | | We allow gaps in IVs, but ensure that an IV is never used more than once.
* crypto-factory: Remove obsolete transform testing functionsMartin Willi2015-04-152-54/+0
|
* transform: Add a getter for the enum_names for a specific transform typeMartin Willi2015-04-152-0/+40
|
* crypto-factory: Add enumerator method to support individual transform testingMartin Willi2015-04-152-0/+127
|
* crypto-tester: Support testing DH groups using DH test vectorsMartin Willi2015-04-153-2/+224
|
* diffie-hellman: Introduce an optional setter for the private valueMartin Willi2015-04-151-0/+12
| | | | This allows us to work with deterministic values for testing purposes.
* crypto-tester: Use the plugin feature key size to benchmark crypters/aeadsMartin Willi2015-04-153-21/+27
| | | | | | We previously didn't pass the key size during algorithm registration, but this resulted in benchmarking with the "default" key size the crypter uses when passing 0 as key size.
* utils: Use memeq_const() for all cryptographic purposesMartin Willi2015-04-141-2/+1
|
* aead: Create AEAD using traditional transforms with an explicit IV generatorMartin Willi2015-04-132-3/+4
| | | | | | Real AEADs directly provide a suitable IV generator, but traditional crypters do not. For some (stream) ciphers, we should use sequential IVs, for which we pass an appropriate generator to the AEAD wrapper.
* iv-gen: Add a generic constructor to create an IV gen from an algorithmMartin Willi2015-04-132-0/+69
|
* crypto-tester: Explicitly exclude FIPS-PRF from append mode testsMartin Willi2015-03-281-8/+11
| | | | | This was implicitly done by the seed length check before 58dda5d6, but we now require an explicit check to avoid that unsupported use.
* crypto-tester: Test set_key() after a doing a partial append on prf/signersMartin Willi2015-03-271-2/+20
| | | | | While that use is uncommon in real-world use, nonetheless should HMAC set a correct key and reset any underlying hasher.
* diffie-hellman: Verify public DH values in backendsMartin Willi2015-03-232-1/+82
|
* diffie-hellman: Add a bool return value to set_other_public_value()Martin Willi2015-03-231-1/+3
|
* diffie-hellman: Add a bool return value to get_my_public_value()Martin Willi2015-03-231-1/+3
|
* diffie-hellman: Use bool instead of status_t as get_shared_secret() return valueMartin Willi2015-03-231-2/+3
| | | | | While such a change is not unproblematic, keeping status_t makes the API inconsistent once we introduce return values for the public value operations.
* hash-algorithm-set: Add class to manage a set of hash algorithmsTobias Brunner2015-03-042-0/+189
|
* hasher: Add helper to determine hash algorithm from signature schemeTobias Brunner2015-03-042-0/+44
|
* hasher: Add filter function for algorithms permitted by RFC 7427Tobias Brunner2015-03-042-0/+30
|
* hasher: Redefine hash algorithms to match values defined by RFC 7427Tobias Brunner2015-03-042-27/+29
| | | | Other algorithms are defined in private use range.
* Allow SHA256 and SHA384 data hash for BLISS signatures.Andreas Steffen2015-02-261-0/+4
| | | | | The default is SHA512 since this hash function is also used for the c_indices random oracle.
* Fixed bad bit shift and sign extension errorsAndreas Steffen2014-12-231-6/+20
|
* crypto: Define MODP_CUSTOM outside of IKE DH rangeTobias Brunner2014-12-232-7/+10
| | | | | | | | | Before this fix it was possible to crash charon with an IKE_SA_INIT message containing a KE payload with DH group MODP_CUSTOM(1025). Defining MODP_CUSTOM outside of the two byte IKE DH identifier range prevents it from getting negotiated. Fixes CVE-2014-9221.
* mgf1: Use correct Doxygen groupsTobias Brunner2014-12-152-4/+4
|
* Fixed some typos, courtesy of codespellTobias Brunner2014-12-151-2/+2
|
* pkcs5: Add support for PBES2 encryption schemes other than 3DESTobias Brunner2014-12-051-8/+24
| | | | | | | | This allows using e.g. AES for PKCS#8 and PKCS#12 files. Some legacy schemes defined in RFC 2898 are not supported (like RC2). Fixes #740.
* asn1: Add OID for Blowfish CBCTobias Brunner2014-12-051-0/+7
| | | | | | | | The OID (1.3.6.1.4.1.3029.1.2) is technically not correct, the correct one is (1.3.6.1.4.1.3029.1.1.2). Every other library or tool (like OpenSSL) uses the incorrect one so we do the same. References #740.
* diffie-hellman: Handle dh_exponent_ansi_x9_42 as a boolean settingMartin Willi2014-12-051-2/+2
| | | | | | | | | | | | | While it was always documented as boolean setting, the option is currently handled as integer value, for which yes/no values do not work. Instead the default of TRUE is used for a no value. The option has been moved a lot during the last years, and in some locations was handled as bool, in some as integer. In the latest codebase it congruently used integer, which is actually not what is documented and used in testing. Fixes #781.
* Implemented get_byte() method for mgf1_bitspender classAndreas Steffen2014-11-292-18/+61
| | | | | | The new get_byte() method returns a pseudo-random byte at a time. Changed the get_bits() interface to the same interface as get_byte(). Updated the mgf1 unit-tests accordingly.
* Started implementing BLISS signature generationAndreas Steffen2014-11-291-0/+8
|
* Implemented bitspender based on the MGF1 mask generator functionAndreas Steffen2014-11-293-1/+219
|
* Moved mgf1 class to libstrongswan/crypto/mgf1Andreas Steffen2014-11-292-0/+257
|
* diffie-hellman: Explicitly initialize DH exponent sizes during initializationMartin Willi2014-08-252-8/+36
| | | | | | | | To avoid any race conditions when multiple threads call and initialize diffie_hellman_get_params(), explicitly examine the optimum DH exponent size during library initialization. Fixes #655.
* crypto-factory: Only sort RNGs by algorithm identifierTobias Brunner2014-06-201-5/+13
| | | | | Others remain in the order in which they were added, grouped by algorithm identifier and sorted by benchmarking speed, if provided.
* windows: Check for clock_gettime() function itself as wellMartin Willi2014-06-041-1/+1
| | | | | CLOCK_THREAD_CPUTIME_ID seems to be defined sometimes even if clock_gettime() is missing.
* windows: Add a common Windows header for platform specific wrappersMartin Willi2014-06-031-2/+4
| | | | | Include some more basic system headers in utils.h, so we can use that common header on the different platforms.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 20:25:05 +0000